Release 1.38.0
April 22, 2025
- Qualys strongly recommends upgrading your Qualys Container Security Sensor to 1.38.0 version to avail the latest features and enhancements.
- Ensure that you also update your existing Sensor Deployment Yaml files with the latest Yaml files published with 1.38.0 release.
What's New?
Added Compatibility for CS General Sensor with Podman Runtime
With this release, Qualys Container Security Sensor supports CS General Sensor installation on host having Podman Runtime. Earlier, CS Registry Sensor provided support to the Linux host with Podman Runtime. With this release, CS General Sensor supports above mentioned configuration.
Qualys General Sensor with Podman Runtime supports,
- Standalone Linux and Docker Hub Hosts
- Only Static and SCA scan for images
- Containers are not scanned but are listed and sent to your Qualys Enterprise TruRisk™ Platform account.
Prerequisites
- Sensor needs to run as a root (sudo) user
- Sensor needs Podman.socket. Run the following commands.
- To create a Podman Socket:
systemctl --user enable podman.socket - To start the newly created Podman Socket:
systemctl --user start podman.socket
- To create a Podman Socket:
Sensor installation on Podman runtime can be performed through installsensor.sh or through Podman Run command.
| Entity | Arguments |
| installsensor.sh | ContainerRuntime=podman StorageDriverType=overlay |
| Podman Run | --storage-driver-type=overlay |
To know more about General Sensor installation on Linux host having Podman Runtime, refer to CS Sensor Deployment Help.
CS Sensor Debug Data Collector
Previously, Qualys support team used to request you to collect sensor data for debugging. Where you had to gather and send the sensor data. This approach was time-consuming, prone to delays, and introduced the risk of incomplete or inconsistent data.
With this releases, Qualys CS Sensor automatically retrieves sensor data (for example, debug logs) from sensor container. This automation streamlines the process, reduces turnaround time, minimizes errors, and ensures more consistent and reliable data collection.
For automatic sensor data collection, Qualys will raise an email request to you seeking your confirmation for the use of this feature.
Sensor Log file Storage within the Sensor Container
Qualys Container Security Sensor runs itself as a container in your environment. Earlier, sensor log were getting generated only in Console with the help of --enable-console-logs flag. With this release, Qualys CS Sensor saves Sensor log files inside your Sensor Container. Storing sensor logs inside the container ensures that log files' accessibility for further investigation.
--enable-console-logs flag is used to capture the logs generated by a container and make them accessible in the Console output.
Updates in Sensor Deployment Yaml files
With this release, the Sensor Deployment Yamls are updated to improve accuracy of Sensor Host IP address identification wherein the Sensor Host holds more than one IP address. The Deployment Yamls are updated with the following information. You are requested to update your environment with the latest deployment Yaml files.
Under env:
- name: SENSOR_HOST_IP
valueFrom:
fieldRef:
fieldPath: status.hostIP
Issues Addressed
The following issues have been fixed with this release.
| Category | Issue |
|---|---|
| Sensor in Harbor registry | Fixed an issue where the CS Sensor failed to tag images larger than the page size in the Harbor Registry, which prevented pagination from being generated. |
| Host IP Address | Sensor failed to display IP address of a host having more than one IPv4 addresses and showed '- (empty)' value in Qualys Enterprise TruRisk™ Platform. (Configurations > Sensors > Sensor Details > Host Summary). |